[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core][dunfell][PATCH] sqlite3: ignore CVE-2024-0232
From: "Peter Marko via lists.openembedded.org" <peter.marko=siemens.com () lists ! openembe
Date: 2024-01-28 16:53:58
Message-ID: 20240128165358.657852-1-peter.marko () siemens ! com
[Download RAW message or body]
Content-Transfer-Encoding: 8bit
From: Peter Marko <peter.marko@siemens.com>
This CVE reports bug which was fixed in 3.43.2 by [1].
Code analysis shows that it is fixing caching issue
and this cache was introduced by [2].
This landed only in 3.43.0 so 3.85.5 is not affected.
[1] https://sqlite.org/src/info/5b09212ac05615fc
[2] https://sqlite.org/src/info/2dbb22c75e86f2e3
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
meta/recipes-support/sqlite/sqlite3_3.31.1.bb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb \
b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb index ef12ef0db2..b2d8f9f1dd 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.31.1.bb
@@ -25,3 +25,5 @@ SRC_URI[sha256sum] = \
"62284efebc05a76f909c580ffa5c008a7d22a1287285d68b7825a2b6b5 CVE_CHECK_WHITELIST += \
"CVE-2019-19242" # This is believed to be iOS specific \
(https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA) CVE_CHECK_WHITELIST += \
"CVE-2015-3717" +# This was introduced in 3.43.0, 3.31.1 is not yet affected
+CVE_CHECK_WHITELIST += "CVE-2024-0232"
--
2.30.2
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194444): https://lists.openembedded.org/g/openembedded-core/message/194444
Mute This Topic: https://lists.openembedded.org/mt/104014792/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic